skip to Main Content

ok we have some HTML5/js pages in directories (in WP ‘uploads’) on a WordPress site.
We only want LOGGED in WordPress users to be able to view them.

There were a couple of similar questions here on Stack but when we tried them
their solutions did NOT work for us primarily due to our WordFence and AIO security
plugins, that make adjustments to wp-config and htaccess

We got this code below to work by placing the htaccess in the directory with the
HTML:

#--get file name being accessed and check
RewriteCond %{REQUEST_FILENAME} ^.*(html|mp3|m4a|jpeg|jpg|gif|png|bmp|pdf|doc|docx|ppt|pptx|)$

#--if file being accessed is index.html check for cookie
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in.*$ [NC]

#--execute 403 if no cookie found
RewriteRule . - [R=403,L]

**BUT **it is easily fooled by creating a WP style cookie that fools the "check"
Hoping someone has a better idea that is a little more secure?

None of the PHP solutions we found here so far have worked, (we tried about a half dozen) mostly for the reasons mentioned above. Some of the solutions here are over 10 years old or not related
on our config (Centos 7.6, Plesk Obsidian, PH 7.X, WP 6.1x) or were a little brief 🙂

(Oh and my tech guy has COVID)

Sid

Some further info: I do apologize, but my tech is unavailable (hospital, critical care) so I don’t have specific examples of everything tried previously. I DO know that involving an include of wpload.php created errors because of our security plugins (Wordfence, AIO security)
We can test anything suggested.

Plugins like ACC do not/did not work – they are focused on WordPress and WordPress Users – protecting WP posts, pages, etc. They are just not designed for restricting access to stand-alone HTML from NON-WP visitors. We tried several (including ACC and and they collided with our security and membership plugins.

Any solution I suspect will involve php and htaccess to control non-WP users/visitors.

I am sorry, but I am not sure what/how the ‘use a template’ would work.

2

Answers


  1. You can use ( AAC = Advanced Access Manager ) WordPress plugin for restrict access to an HTML page on wordpress site to only logged in users

    Login or Signup to reply.
  2. Use a plugin like User Specific Post

    To restrict your specific page in the edit screen. If you have any question about the plugin ask the plugin author or wordpress.org forum.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search